Security Blog

Nov 3, 2011

More RSA Breach Companies Revealed?

Arguably one of the most significant data breaches of the last decade, the cyberattack on RSA earlier this year that resulted in information about RSA SecurID tokens being compromised has had a wide-reaching impact on IT security....More
Oct 25, 2011

Startup Bromium Seeks to Improve Cloud Security

Security in the cloud is on the minds of many IT administrators these days. While some fears of the cloud are unfounded, there are some real concerns that need to be addressed. Yet despite concerns about data in public clouds, former Citrix CTO Simon Crosby contends that cloud security should begin at the desktop. To address this issue, Crosby (who also co-founded XenSource) has partnered up with his XenSource partner Ian Pratt and Gaurav Banga, who was formerly the CTO of BIOS maker Phoenix Technologies, to launch Bromium, a new company focused on cloud security. While the exact details of what types of products Bromium will produce is still unclear, Crosby did reveal some of the thinking behind creation of his startup in a telephone interview earlier today. Bromium's Simon Crosby   Crosby believes that virtualization can be a powerful tool for cloud and overall IT infrastructure security, and hinted that Bromium's efforts would be in this direction. In a farewell post on his Citrix blog earlier this year, Crosby stressed that approach: There is an urgent need to dramatically shift the odds in favor of the good guys, and I remain firmly of the view that virtualization can offer a new toolset that can help to deliver a more secure and trustworthy computing infrastructure... Bromium is not ready to disclose its technology or products. We are fusing deep virtualization and security systems DNA to build a powerful set of tools that can offer continuous endpoint protection. Bromium does not intend to compete with any virtual infrastructure or security vendor. There is much more to tell, but we have a lot of work to do first. During our interview Crosby also argued that traditional attempts at securing the desktop had failed, and pointed to the flood of cyberattacks the industry has seen so far this year, ranging from the successful spearphising attack against RSA to the exploits of Anonymous and Lulzsec. "Everyone now understands that the traditiona...More
Oct 19, 2011

New Stuxnet-Like Worm Discovered 1

In June 2010, security experts, analysts, and software providers were warning IT managers about Stuxnet, a new computer worm that was spreading rapidly over the internet....More
Oct 17, 2011

McAfee, RSA Join Forces for Enterprise Compliance and Risk Management

Security giants McAfee and RSA have announced that they've joined forces for a new enterprise security and compliance solution that integrates security data and business information to provide what the companies claim will be a "deeper understanding of risk and compliance issues." The partnership centers around interoperability between RSA's Archer eGRC and McAfee's ePolicy Orchestrator (ePO) platforms. Aimed at large enterprises, this joint McAfee-RSA solution intends to give IT leaders a more strategic view of their security, policy, and compliance efforts. "[This] integration allows organizations to utilize McAfee security management products to manage system-level security while also incorporating data and findings from those products into their risk and compliance management processes within the RSA Archer eGRC Platform," McAfee's Senior Director Security Management said in a joint McAfee/RSA statement. RSA touted their own security management prowess, with David Walter, senior director of RSA, stating that "this integrated offering provides customers the opportunity to improve IT-GRC programs with information from security management processes." This integrated McAfee/RSA solution provides enhanced interoperability between RSA Archer and McAfee ePO, with both companies claiming that the enhanced integration provides "visibility into ownership and relationship to business processes and applications for a better understanding of the criticality of the issues captured from ePO and the appropriate accountability to ensure proper and timely response." McAfee's portion of the solution also rolls up data from other McAfee policy and security products to give administrators a more comprehensive view of the security posture of their IT infrastructure. McAfee and RSA have both been working to help enterprises more effectively manage security and compliance, with McAfee recently announcing their new DeepSAFE security initiativ...More
Oct 12, 2011

Bogus Netflix Android App Attempts to Steal User Information 2

Netflix has primarily been in the news for recent changes to their business model, with the company spinning off its DVD rental business a few weeks ago as a separate business under the Qwikster label. The move was widely viewed as a embarrassing misstep for the company, which recently backtracked on their decision, shut down Qwikster, and reinstated their original DVD rental offerings. Now security researchers at Symantec have uncovered a piece of non-functional malware that masquerades as an official Android Netflix app. According to a post by Symantec researcher Irfan Asrar, the original Netflix app for Android was released in early 2011 for only a select number of Android smartphones, owing to differences in handsets and Android OS versions. Malware authors stepped into the void by creating an app -- called Android.Fakeneflic -- for devices that originally were not supported by the official Netflix android app. To date the app has only been spotted outside the official Android Market, and it's important to stress that it isn’t fully functional. Asrar explains in more detail: "The official app, which was initially released in the early part of the year, was only recently published to the Android Market with support for multiple devices. A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for Android.Fakeneflic to exploit." For more information about this app, I had a phone interview earlier this morning with Liam O’Murchu, manager of operations for Symantec Security Response. Murchu pointed out that while the bogus app appears to steal Netflix login information, the app -- as tested by Symantec -- seems to be only partially completed, since the app doesn't actually send user information, and the server the app attempts to connect to is offline. It's also important to note that Netflix has upgraded their legitimate app to run on all Android de...More
Oct 6, 2011

Blog-Driven Android Malware Discovered

Google's Android mobile phone OS has increasingly become the mobile OS target of choice for malware authors, and recent news from Trend Micro security researchers indicates that malware authors are constantly developing new ways to infect target devices....More
Sep 26, 2011

Department of Defense Extends Cybersecurity Program

The U.S. Defense Department has decided to extend a program that helps partners and defense contractors improve their cybersecurity....More
Sep 14, 2011

Intel and McAfee Launch DeepSAFE Security Technology 2

Intel used the Intel Developer Forum (IDF) in San Francisco earlier this week to announce DeepSAFE, a new PC security technology developed in conjunction with McAfee, which Intel purchased for $7.68 billion earlier this year. According to McAfee and Intel, the new technology leverages hardware features of the latest Intel processors to work below the computer OS to create a new hardware-assisted approach to PC security. McAfee DeepSAFE technology diagram   According to McAfee, elements of DeepSAFE technology sit just below the OS and above PC hardware, a unique position that Intel and McAfee claim will provide a "direct view of system memory and processor activity that other solutions can access." A McAfee DeepSAFE FAQ provides more detail on how the technology will help defend PC systems against rootkits and other security threats (from the DeepSAFE Technology FAQ): McAfee DeepSAFE technology exposes the kernal mode rootkit behavior that easily hides malware from OS-based security. Kernel mode rootkits are some of the most insidious and hard to detect. DeepSAFE is designed to detect and block suspicious behaviors that are characteristic of many of those rootkits in real-time before they have a chance to spread and hide malware and APTs. According to comments made at IDF by Candace Worley, McAfee's senior vice president and general manager of endpoint security, enterprise products with DeepSAFE functionality should ship in late 2011. DeepSAFE is currently designed to work with Windows 7, but McAfee anticipates that DeepSAFE will work with Windows 8 upon release and is evaluating the possibility of bring the technology to Android mobile devices as well. Although the technology has been developed by Intel and McAfee, the DeepSAFE implementation uses Intel VTx technology that ships with Intel vPro and Core i3/i5/i7 processors, so other security vendors should conceivably be able to leverage DeepSAFE technology with their own software securi...More
Sep 7, 2011

Mobile Security: Tips for Securing Android Phones 3

I've been using a Motorola Droid X as my primary work phone for more than a year now. I've come to appreciate the breadth and depth of apps in the Android Market, the seamless integration with my office IT environment, and the superlative (and still unequaled) free Google Navigation app, which simply outclasses most traditional in-car GPS navigation devices I’ve used. Aside from occasional glitches and some awkward media handling, my experience with Android-powered smartphones has been largely positive. Yet despite the runaway success of Android as a smartphone OS, some dark storm clouds are looming on the horizon. That same popularity that drove Android to a dominant position in the smartphone market is beginning to attract the unwanted attention of hackers, cybercriminals, and malware creators who are simply going where the growth opportunities are. Android is growing fast, and bad actors are falling all over themselves for a piece of the action. I blogged a bit about the Android security risk in January of this year, when Trend Micro Chairman Steve Chang went on the record to say that Android had some security issues. Since then we've seen a raft of other high-profile Android security SNAFUs, from malware appearing in the Android Market to depressing stats from a security researcher who claimed that more than 120,000 apps infected with malware had been downloaded from the Android Market. My Windows IT Pro colleague Paul Thurrott even recently encouraged IT professionals to "just say no to Android" due to looming Android security problems. So what does a harried IT professional do when faced with the task of trying to keep his burgeoning stable of Android mobile devices safe and secure from attack? While a 100% effective approach to mobile security doesn't (and will likely never) exist, here are some security tips that could be helpful in keeping your Android phones free from malware and other hostile software.   1. Revisit Password Security: O...More
Aug 25, 2011

Private Yale Student Info Accessible via Google Search 1

While we're normally flooded with news about hackers who routinely bypass security systems and exploit zero-day vulnerabilities to gain access to sensitive systems, recent news from Yale University underscores that the vast majority of IT security failures are caused by human error, neglect, or plain ignorance. I've written about how users are often the weakest link in IT security, but that maxim can apply to simple human error in general.   According to the Yale student newspaper, the University is notifying 43,000 staff, students, and alumni that sensitive personal information -- like names and social security numbers -- were inadvertently made accessible to internet searches when a file containing that information was left unprotected and unsecured on an FTP server that was used as a storage location for open source software. Zoe Gorman at the Yale Daily News interviewed Yale Information Technology Services (ITS) Director Len Peters, and he pointed to a 2010 change in Google search that allowed the popular search engine to locate and index content on FTP servers. Peters said that the Yale ITS wasn't aware that Google made the change, which resulted in the file now being accessible through Google search. Yale University spokesman Tom Conroy released a statement about the incident, which describes measures the university will take to rectify the data breach and help prevent the individuals impacted from being victims of identify theft and other security-related ills. "Yale has established a Response Center for affected individuals and is offering free credit monitoring, identity theft insurance, and other assistance to all of the affected persons," Conroy said. "A data security firm will monitor credit files at all three major United States credit bureaus for 24 months and alert individuals if a new United States credit account is opened using their Social Security number. The University takes seriously the obligation to protect personal d...More
Aug 17, 2011

Adobe Fares Poorly in Kaspersky Lab Security Report

With the increased awareness about cybersecurity -- driven in part by the recent avalanche of high-profile hacks, break-ins, and take-downs -- it's more important than ever for vendors to keep their software patched and secure. In some cases that can be a Sisyphean task, as hackers and other bad actors are constantly trying to find vulnerabilities in existing software platforms. It's been well-documented that weaknesses and vulnerabilities in Adobe's Flash and Acrobat products have been used by hackers as alternative entry points into computer systems that are increasingly being hardened against attack. Microsoft has been especially diligent in this area, with Windows 7 and Internet Explorer 9 both drawing recent praise from experts for improved security. A recent report by security researchers from Kaspersky Lab underscores this trend, highlighting Microsoft’s improved security posture while pointing out less promising security performances by Adobe and Oracle. The latter two vendors were criticized for producing all the products involved in the top 10 IT security vulnerabilities Kaspersky has detected, with Adobe's Reader, Flash, and Shockwave products involved in 8 of the top 10 system vulnerabilities for the second quarter of 2011. Kaspersky researcher Yury Namestnikov elaborates on the list in his blog post: "For the very first time in its history, this ranking includes products from two companies only: Adobe and Oracle (Java). As we inferred in a previous report, Microsoft products have disappeared from the ranking. First and foremost, this is due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs...nine of the Top 10 vulnerabilities give the attacker full system access and four also allow access to important data on vulnerable computers." Adobe and Google security experts also recently sparred over discrepancies between what Adobe considers security fixes...More
Aug 10, 2011

Microsoft Patches Critical Vulnerabilities in IE, Windows DNS Server

Internet Explorer and Windows DNS Server both received critical patches from Microsoft in the most recent Patch Tuesday round of software updates. A total of 13 items were patched in this round of updates, with the remaining 11 of the 13 patches given a severity rating of "moderate" or "important." Microsoft posted details of the patch online in the August 11th Security Bulletin Summary. Read: More Security News and Articles This week's cumulative update for Internet Explorer (2559049, bulletin MS11-057) fixes seven vulnerabilities in IE, including severe vulnerabilities that "could allow remote code execution if a user views a specially crafted Web page using Internet Explorer." Like most other modern web browsers, IE is constantly being tested by hackers searching for vulnerabilities and weaknesses. Microsoft has been very aggressive about patching vulnerabilities in IE over the last few years, and recent statements by Microsoft executives indicate that a more aggressive approach to platform security will continue. The other critical vulnerability patched was related to Windows DNS server (2562485, bulletin MS11-058), which was susceptible to two privately reported security vulnerabilities. Like the aforementioned IE vulnerability, this update patches a vulnerability that deals with remote code execution. "The more severe of these vulnerabilities could allow remote code execution if an attacker registers a domain, creates an NAPTR DNS resource record, and then sends a specially crafted NAPTR query to the target DNS server," the bulletin warns. "Servers that do not have the DNS role enabled are not at risk." Microsoft encourages system administrators and IT security professionals to deploy the updates. Visit the MSRC blog or MSRC Twitter account (@MSFTSecResponse) for more details and additional Microsoft security news and updates. It's also a good idea to review the services available in the Microsoft Tec...More
Aug 4, 2011

Microsoft Launches $250,000 BlueHat Security Contest 1

Today at the BlackHat Security Conference in Las Vegas, Microsoft announced the BlueHat Prize contest, an initiative designed to generate ideas for improving computer security. A grand total of $250,000 will be offered to three prize winners, with first prize earning the winner a $200,000 check, second prize earning a check for $50,000, and third prize valued at $10,000 (in the form of a MSDN Universal subscription.)   The Microsoft BlueHat Prize contest website provides some additional details on what problems Microsoft wants contest entrants to address, with the following details provided by digging into the official contest rules and regulations: The object of this Contest is to design a novel runtime mitigation technology solution that is capable of preventing the exploitation of memory safety vulnerabilities. For purposes of this Contest, each prototype that is capable of protecting an application that runs on Windows you create and submit in the Contest will be called an "entry." In a statement announcing the contest, Katie Moussouris (@k8em0), senior security strategist lead for the Microsoft Security Response Center, stated that Microsoft is looking for new ways to encourage development of promising security solutions. "Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," Moussouris said. "We’re looking to collaborate with others to build solutions to tough industry problems. We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world." Entries for the Microsoft BlueHat Prize can be sent to between August 3rd, 2011 to April 1st, 2012. The winning three entries will be announced at the next Black Hat USA conference in 2012. Thinking of entering the contest for a shot at the $200,000 grand prize? Feel free to add a co...More
Aug 3, 2011

Microsoft: "Malware Authors Really Hate UAC" 3

You have to feel sorry for Microsoft's User Account Control, or UAC. It was introduced with Windows Vista, and was designed to improve overall system security by limiting applications to a lower set of privileges. The intent and underlying approach were noble, but the implementation and impact on standard users – at least in Windows Vista -- wasn't executed so well. Many Vista users complained about being inundated by UAC prompts when performing simple software installs or changes, and UAC quickly emerged as -- perhaps unfairly -- one of the most maligned features of Windows Vista. It earned the dubious distinction of being singled out for ridicule in one of the many Mac vs. PC TV commercials, and generated enough negative interest from Windows IT Pro readers that a quick search through our archives reveals not one, but two separate FAQ documents authored to help IT pros rid themselves of UAC: "Q. How can I disable the UAC (User Account Control) feature in Windows Vista?" and the even more urgent "Q: What's the fastest, easiest way to disable User Account Control (UAC) on a Windows Vista machine?" Windows IT Pro columnist Mark Minasi also had a few things to say about UAC, and our public forums had more than a few comments from users asking for help and assistance with their UAC wrangling.   Responding to feedback from users and IT administrators, Microsoft made significant changes and improvements to UAC in Windows 7, and the once common griping about excessive UAC prompts faded into the background. Granted, UAC under Windows 7 isn't perfect, with researchers at Sophos claiming back in 2009 that UAC in Windows 7 -- at least in it's default state -- isn't very effective at stopping viruses. That's not entirely fair, as every admin knows that an essential component of computer security is installing good, frequently-updated anti-virus software. UAC isn't anti-virus software, but it does help make things difficult for malware and other t...More
Jul 27, 2011

Anonymous and LulzSec Target PayPal, Scotland Yard Makes Arrest

  After exchanging words with the FBI over the recent arrest of 16 people alleged to have been involved in a distributed denial-of-service (DDoS) attack on PayPal back in December 2010, Anonymous and LulzSec have posted another joint statement that lambasts the FBI for their handling of the aforementioned arrests, and heaps scorn on PayPal for bowing to pressure from authorities to shut down PayPal donation services provided to Wikileaks back in December 2010. The statement criticizes the FBI for treating what the groups believe where peaceful participants of the December 2010 PayPal attack who were “adding one's voice to a chorus” and participating in a “digital sit-in with Low Orbit Ion Cannon.” (A “Low Orbit Ion Cannon,” or LOIC, is a public domain application that can be used to perform a DDoS attack on a specific site or webserver when used by a large group of people) as more serious cybercriminals, such as individuals that are “controlling a large botnet of infected computers.” The individuals charged in recent weeks by the FBI can face up to more than a dozen years in prison and hundreds of thousands of dollars in fines. LulzSec and Anonymous singled out PayPal for more scorn, stating that the online payment service was a “corrupt and greedy organization” and encouraged PayPal users to “immediately close their accounts and consider an alternative.” A tweet from a Twitter account affiliated with Anonymous urged PayPal users to close their accounts and post screenshots of their account closures with the #OpPayPal hashtag:     According to a post by Kevin Poulsen in Wired’s Threat Level blog, the FBI is also investigating a list of more than 1,000 IP addresses that PayPal provided to the bureau that generated the most protect traffic in the December 2010 DDoS attack against PayPal.   In related news, Scotland Yard reported announced earlier today that it had arrested a 19-year old man who used the online handle “Topiary” and frequen...More
Jul 25, 2011

FBI, LulzSec and Anonymous Escalate War of Words

The ongoing war of words between the FBI and the hacker groups Anonymous and LulzSec has reached a new level, beginning with statements made last week by Steven Chabinksy, deputy assistant FBI director, in an interview with NPR. "We want to send a message that chaos on the Internet is unacceptable," Chabinsky told NPR. "[Even if] hackers can be believed to have social causes, it's entirely unacceptable to break into websites and commit unlawful acts." A joint statement from Anonymous and LulzSec posted on Pastebin responded directly to Chabinsky's comments. (I’ve pasted in a screengrab of the joint Anonymous/LulzSec statement below.)     LulzSec and Anonymous have gone on a veritable hacking spree for months, with either one (or both) groups claiming at least some responsibility for hacking Sony's PlayStation Network, the websites of FBI partner InfraGard and the US Senate, and releasing information from the Arizona Department of Public Safety (AZDPS). LulzSec claimed in late June that it had called it quits, but this recent exchange with the FBI -- including a second successful hack of the InfraGard website -- seems to indicate that at least some members of LulzSec have returned to their hacking exploits.   The FBI arrested 16 people last week as part of their ongoing efforts to combat Anonymous, with the aforementioned individuals charged with contributing to a distributed denial of service (DDoS) attack against the PayPal website in December 2010 as part of a protest – dubbed “Operation Avenge Assange” – that was directed against PayPal’s decision to cut off donation service functionality to Wikileaks.   Another individual charged by the FBI last week was also allegedly involved in the first attack on the InfraGard website on June 21st, 2011. The FBI statement indicates that the individual in question “allegedly accessed without authorization the Tampa Bay InfraGard website and uploaded three files. The co...More
Jul 6, 2011

Symantec Launches Endpoint Protection 12 5

Backed by claims that it offers improved performance in both physical and virtual environments, Symantec's Endpoint Protection 12 (SEP12) is now available in two variants: Symantec Endpoint Protection Small Business Edition and Symantec Endpoint Protection 12. According to Symantec, testing by Dennis Labs and the Tolly Group indicates that SEP12 outperforms competing products (in terms of number of threats prevented and performance) running in VDI environments. (Look for a full review of SEP12...More
Jun 30, 2011

“Indestructible” Botnet Has Infected 4.5 Million PCs 1

  According to Russian security experts at Kaspersky Labs, a botnet know at “TDL-4” has emerged as one of the most resilient, tenacious, and potentially dangerous botnets in existence. In a post on Kaspersky’s Securelist website, researchers Sergey Golovanov and Igor SoumenkovIn believe that the creators of TDL-4 are attempting to create an “indestructible” botnet.   Botnets are networks of computers that are infected with malware. The creators of the botnet can then collectively le...More
Jun 28, 2011

Tumblr Microblogging Service Hit by Phishing Attack

  Popular microblogging service Tumblr has been hit with a “rather aggressive phish attack” over the past few days, according to GFI Labs security researchers Christopher Boyd and Jovi Umawing. Legitimate Tumblr users are being asked for their login information – in this case the phish seems to promise access to adult contest – and the user unknowingly enters their Tumblr login and password information.     GFI Labs mentions that Tumblr now has an automated email service to...More
Jun 27, 2011

LulzSec Calls it Quits

It's been quite a ride, but after several months of taunting the FBI, mocking the arrest of an alleged LulzSec member, and releasing some documents from the Arizona Department of Public Safety, LulzSec announced via a post on Pastebin that they were calling it quits....More
What's Security Blog?

Security news, views, product reviews, and solutions for Microsoft Windows IT professionals.

Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×